Digital transformation requires increased cybersecurity
In today’s fast-changing digitally-led economy, most businesses are currently going through some form of digital transformation, either to improve their offering or to streamline their operations, with many already seeing the benefits of financial investments made.
The Catch-22 is that with this increased use of technology and collection of personal data, the need for protection increases. But not all businesses are actively protecting themselves against cybercrime.
The majority of European businesses understand they are at risk from a cyberattack and many even believe they could have been the victim of a breach without knowing.
However, coupled with this is a lack of confidence in their ability to protect themselves and a sense of inevitability and resignation to an attack, with many believing hackers will always outwit preventative software.
There is a gap in senior management’s engagement and prioritisation of cybersecurity that needs to be addressed.
Not only is there a lack of discussion around the risks at board level but there is also ambiguity over who is responsible for cybersecurity in the organisation. Ideally, the senior executives themselves should be accountable.
When it comes to threats now and in the future, most businesses see human error as the core area of vulnerability with targeted attacks on staff via phishing, whaling and ransomware attacks being the most sensitive touchpoint.
This assertion is consistently supported by all of the findings on data breaches that have already occurred.
A significant number of companies in the survey admitted a security breach and gave details about how they had dealt with it and its impact. The findings confirm the critical role of the employee with most attacks identified by them and/or access gained through them.
Positive direct action after the event is seen with investment in software, training and much needed IT security reviews. However, one key issue highlighted is the lack of transparency of the breach with 75% of breaches not becoming public knowledge.